Description
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.
Published: 2026-04-22
Score: 9.6 Critical
EPSS: n/a
KEV: No
Impact: Privilege Escalation
Action: Apply patch
AI Analysis

Impact

The vulnerability resides in the Augmentt web application where the server fails to properly validate user roles before allowing manipulation of request parameters. By altering specific parameters in the URL or form data, a regular authenticated user can trick the system into treating them as a super administrator. This grants them full read/write access to all protected resources and configuration settings, effectively escalating privileges with no additional authentication steps.

Affected Systems

The affected product is Augmentt’s web application platform. No specific version numbers are listed in the advisory; therefore, any installation of the Augmentt web application that has not applied a patch from the vendor could be susceptible.

Risk and Exploitability

The CVSS score of 9.6 indicates critical severity; no EPSS score is yet available. The vulnerability allows a standard authenticated user to elevate privileges to super administrator simply by manipulating request parameters, requiring no additional authentication. There are no publicly known exploit scripts, but the attack path is trivial for an attacker controlling a user session. Since the issue is not listed in the CISA KEV catalog, active exploitation in the wild is not yet confirmed, yet the potential impact warrants immediate attention.

Generated by OpenCVE AI on April 22, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-supplied patch or upgrade to the latest version of the Augmentt web application.
  • Enforce strict role-based access controls on all privileged endpoints and validate user roles on the server side before processing requests.
  • Monitor application logs for unexpected access to administrative functions and investigate any anomalies promptly.
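The second and third recommendations describe the fix pattern for this class of flaw (CWE-284 improper access control, CWE-639 authorization bypass through user-controlled key): the server must derive the caller's role from its own session and user records, never from a field the client sends, and denied attempts should leave a log trail. The following is an added illustration of that pattern, not Augmentt's code and not from the advisory; the handler names, session store and user table are hypothetical in-memory stand-ins.

```python
# Added example: server-side role validation versus trusting request parameters.
# All names are hypothetical; the session store, user table and settings below are
# constructed stand-ins for a real backend, so the module runs offline.

from dataclasses import dataclass, field
from functools import wraps

# Constructed sample data. Sessions map a bearer token to a user id; the user table
# is the only authoritative source of each user's role.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}
USERS = {1: {"name": "alice", "role": "user"},
         2: {"name": "bob", "role": "super_admin"}}
SETTINGS = {"smtp_host": "mail.example.invalid"}

# Denied privileged requests are appended here; a real app would ship these to SIEM.
AUDIT_LOG: list[str] = []


@dataclass
class Request:
    session_token: str
    params: dict = field(default_factory=dict)  # query/form fields: attacker-controlled


class Forbidden(Exception):
    pass


def update_settings_vulnerable(req: Request, new_settings: dict) -> dict:
    """Flawed pattern: the role is read from a request field, so any authenticated
    user who sends role=super_admin passes the check (CWE-284 / CWE-639)."""
    if req.session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    if req.params.get("role") != "super_admin":
        raise Forbidden("super_admin required")
    return {**SETTINGS, **new_settings}


def current_role(req: Request) -> str:
    """Resolve the caller's role from the session and user table only; nothing in
    req.params can influence the result."""
    user_id = SESSIONS.get(req.session_token)
    if user_id is None:
        raise Forbidden("not authenticated")
    return USERS[user_id]["role"]


def require_role(required: str):
    """Decorator that enforces a server-side role check before the handler runs and
    records every denial, which is the signal the log-monitoring advice relies on."""
    def wrap(handler):
        @wraps(handler)
        def guarded(req: Request, *args, **kwargs):
            role = current_role(req)
            if role != required:
                AUDIT_LOG.append(
                    f"deny user_id={SESSIONS[req.session_token]} handler={handler.__name__} "
                    f"actual_role={role} claimed_params={sorted(req.params)}")
                raise Forbidden(f"{required} required")
            return handler(req, *args, **kwargs)
        return guarded
    return wrap


@require_role("super_admin")
def update_settings_hardened(req: Request, new_settings: dict) -> dict:
    """Same operation, but the role comes from the server, not from the client."""
    return {**SETTINGS, **new_settings}


def is_forbidden(handler, *args) -> bool:
    """True if the handler rejects the call; used to compare both variants."""
    try:
        handler(*args)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    alice = Request("tok-alice", {"role": "super_admin"})  # regular user claiming admin
    print("vulnerable rejects alice:", is_forbidden(update_settings_vulnerable, alice, {}))
    print("hardened rejects alice:  ", is_forbidden(update_settings_hardened, alice, {}))
    print("audit:", AUDIT_LOG)
```

The only difference between the two handlers is where the role comes from; the decorator also makes the check impossible to forget on new privileged endpoints, and the audit line it writes is exactly the kind of "unexpected access to administrative functions" the third recommendation asks you to watch for.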

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.
Title CVE-2026-6356
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-22T14:42:10.888Z

Reserved: 2026-04-15T13:51:11.794Z

Link: CVE-2026-6356

Vulnrichment

Updated: 2026-04-22T14:39:05.435Z

NVD

Status : Awaiting Analysis

Published: 2026-04-22T14:17:06.720

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-6356

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T19:30:24Z

Weaknesses